Messages

...I see stuff with WG tunnels (non-connecting, stopping randomly, not starting services on reboot) which shows no pattern or is not related to any changes at the endpoints. There is something weird going on.

Sometimes a restart of the service resolves it, sometimes a reboot is needed. On an ancient pfsense I have to re-install (!) the WG plugin (via another, working WG tunnel to another opnsense, really scary if you are remote...) to make a specific tunnel to an opnsense come up again from time to time.

The reddit above is more than 1 year old, I saw this here

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=285905

1 year old.

The

Code Select Expand

...
iwlwifi0: could not load firmware image 'iwlwifi-ty-a0-gf-a0-77.ucode'
iwlwifi0: File size way too small!
...
sounds mega fishy.

AX210 should work in 14.3

https://forums.freebsd.org/threads/slower-than-expected-performance-from-intel-wifi-drivers.98118/

Hello!

First of all: No, it's not me. I learned my lessons on BSD and wifi ;-). So, I'm asking for a ...friend (kind of). Really! :-D

He wants to run an Intel AX210 on his protectli with 26.1.latest. I warned, anyways...

I found this here:

https://www.reddit.com/r/freebsd/comments/1jwbms6/intel_wifi_driver_iwx4_now_in_current/?solution=981b64c5cce237f9981b64c5cce237f9&js_challenge=1&token=bbbe4bf1c9a2b5160829c4be34da5861cc4aafcbe4ac2126a9ecee431d7f929f&jsc_orig_r=

Although 1 year old, he get's something along the line of

Code Select Expand

iwlwifi-ty-a0-gf-a0-77.ucode: could not load binary firmware /boot/firmware/iwlwifi-ty-a0-gf-a0-77.ucode either
iwlwifi-ty-a0-gf-a0-77.ucode: could not load binary firmware /boot/firmware/iwlwifi-ty-a0-gf-a0-77.ucode either
iwlwifi-ty-a0-gf-a0-77_ucode: could not load binary firmware /boot/firmware/iwlwifi-ty-a0-gf-a0-77_ucode either
iwlwifi_ty_a0_gf_a0_77_ucode: could not load binary firmware /boot/firmware/iwlwifi_ty_a0_gf_a0_77_ucode either
iwlwifi0: could not load firmware image 'iwlwifi-ty-a0-gf-a0-77.ucode'
iwlwifi0: File size way too small!
iwlwifi0: no suitable firmware found!
iwlwifi0: minimum version required: iwlwifi-ty-a0-gf-a0-77
iwlwifi0: maximum version supported: iwlwifi-ty-a0-gf-a0-89
iwlwifi0: check git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git
iwlwifi0: On FreeBSD the firmware package can be installed running fwget(8).
Is there any hope anytime soon (26.6 maybe?) this will work in AP mode on his OPNsense?

Have this cron job for DNS-resolution for stale WG tunnels for years, working fine in general. But not in this case. Only wa to resolve after reboot: Obtain a fresh WAN IP (DHCP) by changing MAC of WAN interface. Otherwise this one specific tunnel won't come back after reboot. Very, very, very annoying. Had been doing fine for years.

How about "restoring" a custom config.xml with serial console enabled and other parts of the .xmp reset to your favourite state and reboot?

Nice there, lot's of nice people. But reminds me a lot of dark times now. Soccer vs. Olympia, you know...

Listen to old, white men, from time to time. Not tooooo often, but sometimes:

https://www.schneier.com/blog/archives/2026/04/on-anthropics-mythos-preview-and-project-glasswing.html

If somebody had warned us!


...oh, wait...

https://www.schneier.com/blog/archives/2014/05/new_nsa_snowden.html

https://en.wikipedia.org/wiki/Executive_Order_14203

https://www.justiceinfo.net/en/156847-living-with-us-sanctions-means-living-in-constant-uncertainty.html

I can write here, I'm not going to travel to the US again...

Definitely! If you want to end up on the US saction list. No bank, no credit card, no nothing.

Bold move!

Is this account a mythos or a mythos bot? :-O

Even for the "off-topic" corner you are miles off-topic... :-p

Just saying.

https://www.theregister.com/2026/04/21/iran_claims_us_used_backdoors/

I'm shocked!

...really :-D

OK, x tunnels, all WG with DynDNS, of which x-1 come up normally after opnsense reboot, while 1 tunnel doesn't, restarting WG instance, dis-/enabling does nothing to bring the tunnel up, as does any operation you can imagine on the remote WG instance.

But obtaining a fresh WAN IP on opnsense brings up this tunnel.

All the tunnels up and running for 5+ years, problem started some weeks ago.

What to make out of this?

As written somewhere else: This very same tunnel went down at a random time of day recently, again only a fresh WAN IP could recover the tunnel. No other operation.

https://forum.opnsense.org/index.php?topic=51381.msg265443#msg265443

https://www.youtube.com/watch?v=pAyKJAtDNCw

:-(